There are two idioms that accurately describe the current state of enterprise Web security: some organizations have their heads in the sand and some organizations have their heads in the clouds. As enterprises embrace cloud applications, such as Salesforce.com, MS Office 365, Google Docs and Dropbox, there is a harsh realization that the status quo for infrastructure hardware has become stagnant.
Most enterprises still rely on traditional security hardware appliances that are centralized in an enterprise data center or distributed across regional and branch offices. However, a centralized architecture requires backhauling of traffic, much of which is going to the Internet, which increases backhaul bandwidth costs and latency, while a distributed model can be complex and time-consuming to manage. Both of these approaches are becoming outdated in the light of cloud computing, a distributed model with many performance, management and cost benefits.
Early adopters of Direct-to-Cloud Network (DCN) technology have realized that the same benefits of outsourcing cloud services and cloud infrastructure can also be applied to Web security services. Moving security into the cloud through a DCN allows Internet-bound traffic to be sent directly from branch offices to the Internet without going through a backhaul network. Using a cloud service also eliminates the need to test and maintain software for a hardware platform which may be physically distributed and must be coordinated across multiple locations with multiple IT teams. A cloud service eliminates this and reduces the overall Opex costs to maintain a solution.
The scaling and capacity of security appliances can be difficult to manage. The larger an organization becomes and the more resources the features of an appliance consume, the more performance degradation is experienced across the enterprise.
One example of this is the use of SSL decryption. Most hardware vendors state that they support SSL decryption, but few customers can enable this feature, as performance degrades by 50 percent or more. One option is to purchase additional hardware to support it. Many appliance-based networks have been architected to support peak performance. As a result, the devices on average are not operating at full capacity and are wasted idling while waiting for bursts or peak traffic.
Both of these issues can be addressed by using a cloud service, where administrators do not have to worry directly about scaling or performance requirements. Organizations that decide to invest heavily in appliances may not be making a wise decision moving forward.
By moving web security into the cloud through a DCN, IT teams have more resources and more time to spend on the real issues: threat analysis, corrective action and threat mitigation.
Security appliances are developed with expensive hardware to handle and process CPU-intensive security functionality such as Anti-Virus, Intrusion Detection, and DLP (Data Loss Prevention). A high-availability architecture requires redundant hardware that leaves even more potential processing power unused during off-peak times.
Adopting a DCN enables the elastic benefits of the cloud. Organizations are able to harness available capacity when they need it without paying for it when they don’t need it.
Managing many appliances is especially difficult when you have thousands of offices across the globe. Some organizations rely on network management software to reduce complexity, at an increased cost.
Zscaler has built a cloud-based architecture from the ground up, which centralizes management of its fully distributed and fully redundant Direct-to-Cloud Network, offered through a single pane of glass, eliminating complexity.
As you can see from a cursory review, a hardware-based approach creates many issues, the same issues that a cloud-based model can mitigate. As traffic patterns for cloud-based applications become more pervasive and change the way IT managers consider new solutions, we fully expect many more organizations to turn to Zscaler as they come to this realization and move to adopt the Direct-to-Cloud Network as the only logical decision.